Microsoft Windows Server RPC bug finds new way to spread

Exploits taking advantage of a Windows Server Service vulnerability still are running rampant, nearly 1-1/2 months after Microsoft delivered an emergency fix, researchers said Friday.

Symantec, over the holidays, spotted another round of infections in the form of a worm known as W32.Downadup. Microsoft is terming the malware Win32/Conficker.

The latest variant finds a new way to take advantage of the highly critical bug, which involves the Remote Procedure Call (RPC) protocol, Symantec researchers said on Friday. In prior attacks, an attacker could execute remote code by sending a specially crafted RPC request.

However, the new exploit "can also spread through corporate networks by infecting USB sticks and accessing weak passwords," Symantec's Security Response department said Friday in a forum post.

"W32.Downadup.B creates an autorun.inf file on all mapped drives so that the threat automatically executes when the drive is accessed," according to Symantec. "The threat then monitors for drives that are connected to the compromised computer in order to create an autorun.inf file as soon as the drive becomes accessible."
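As an added example (not from the article or from Symantec), here is a defender-side triage routine in Python for the autorun.inf behaviour described above: it parses autorun.inf content and reports the entries that would launch a program when the drive is accessed. The keys checked are standard AutoRun keys; the drive paths, file contents and function names are constructed for illustration.

```python
import re

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
SECTION = re.compile(r"^\[([^\]]+)\]$")

def launch_entries(text):
    """Return (key, command) pairs from [autorun] that start a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and junk lines are ignored
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in EXEC_KEYS or SHELL_CMD.match(key)):
            found.append((key, value))
    return found

def triage(files):
    """Map path -> launch entries for every autorun.inf that would run code."""
    hits = {}
    for path, text in files.items():
        entries = launch_entries(text)
        if entries:
            hits[path] = entries
    return hits

# Constructed sample contents (not taken from any real infection).
SAMPLES = {
    "E:\\autorun.inf": "\r\n".join(
        ["[AutoRun]", "zzzz junk line", "label=Backup", "Open = example.exe"]),
    "F:\\autorun.inf": "\r\n".join(
        ["[autorun]", "label=Photos", "icon=photos.ico"]),
    "G:\\autorun.inf": "\r\n".join(
        ["[other]", "open=ignored.exe", "[autorun]",
         "shell\\open\\command=example.exe /s"]),
}

if __name__ == "__main__":
    for path, entries in triage(SAMPLES).items():
        print(path, entries)
```

In practice the `files` mapping would be filled by reading `autorun.inf` from the root of each mapped or removable drive; a hit is a prompt to inspect the referenced file, not proof of infection.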
